SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
5 Steps to Build an Effective Vulnerability Management Program
Vulnerability management program is a standardized process across most organizations. However, even organizations that follow periodic compliance audits and patch software vulnerabilities are hit by cyber-attacks. If attack surfaces are open despite following a documented vulnerability management pr...
CVE Research
Oracle Emergency Fix for Critical RCE Flaw in WebLogic Server
Oracle has addressed a critical Remote Code Execution (RCE) vulnerability in the rare out-of-band patch in numerous versions of Oracle WebLogic Server. The vulnerability is assigned CVE-2020-14750, which has a CVSS base score of 9.8 out of 10 and is remotely exploitable without authentication or use...
CVE Research
Three Takeaways from the National Security Agency’s Cybersecurity Advisory in October 2020
On October 20, 2020, the National Security Agency (NSA), a national-level intelligence agency of the United States Department of Defense, released an NSA cybersecurity advisory highlighting 25 vulnerabilities in commonly-used software that are currently under active exploitation. They released the a...
CVE Research
UNC1945 Infiltrates Corporate Networks through a Solaris Zero-Day Bug
A new zero-day vulnerability (CVE-2020-14871) in Oracle Solaris has been brought to light by the FireEye security research team, Mandiant. Moreover, the vulnerability has been reported as being actively exploited. A Vulnerability Management System can resolve these issues. Hence, the sophisticated ...
CVE Research
Google Discloses Windows Zero-Day Vulnerability Being Exploited in the Wild
Google Project Zero disclosed details for a zero-day vulnerability CVE-2020-17087 found in the Windows operating system that being currently exploited in the wild. A vulnerability management tool discovered this.
CVE Research
System Hardening: The Key to Minimizing Attack Surfaces
Cyber-attacks are busting in from all directions. The biggest and most widespread attack was in 2017, called Wannacry. More than 230,000 computers were affected by ransomware, amounting to more than $4 billion in losses. This attack was due to an old SMB protocol enabled in Windows devices. Prevent ...
CVE Research
The First Step Towards Endpoint Security Brilliance
This year has forced us into a lot of new challenges in the digital world. During the first half of 2020, Microsoft has seen a 150% increase in vulnerabilities than the entirety of 2019. Security breaches and ransomware attacks are being reported at an alarming rate this year. Cybercriminals now hav...
CVE Research
Oracle WebLogic Server Under Active Exploitation (CVE-2020-14882)
Critical Remote Code Execution (RCE) vulnerability CVE-2020-14882 in the console component of the Oracle WebLogic Server Exploitation allows unauthenticated, remote attackers to execute commands on the affected servers. Oracle has assigned this vulnerability a CVSSv3 score of 9.8 out of 10, clearly ...
CVE Research
The 5 Biggest Myths of Vulnerability Management Busted for Good
Vulnerability management has been a standard practice for more than 15 years now. Vulnerability Scanning tool, assessment, and remediation have occupied an important spot in an organization’s endpoint security practices. However, many old beliefs and approaches that were once working fine have turne...